CVE-2022-33945

8.2 HIGH

📋 TL;DR

This vulnerability allows a privileged user with local access to potentially escalate privileges through improper input validation in Intel Server board and Server System BIOS firmware. It affects systems running vulnerable Intel server hardware BIOS versions. Attackers could gain higher privileges than intended on affected systems.

💻 Affected Systems

Products:
  • Intel Server Board S2600WF Family
  • Intel Server System S2600WF Family
Versions: BIOS versions before 02.01.0021
Operating Systems: All operating systems running on affected hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system management interface (BMC/IPMI) or physical console access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with existing privileged access could achieve full system compromise, bypass security controls, install persistent malware, or access sensitive data.

🟠 Likely Case

A malicious insider or compromised administrator account could escalate privileges to gain complete control over the server hardware and firmware.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrative users who would need to intentionally exploit the vulnerability.

🌐 Internet-Facing: LOW - This requires local access to the physical server or remote management interface with existing credentials.
🏢 Internal Only: HIGH - Internal privileged users or compromised administrative accounts could exploit this to gain complete system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires existing privileged access to the system management interface. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS version 02.01.0021 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html

Restart Required: Yes

Instructions:

1. Download BIOS update from Intel support site.
2. Follow Intel BIOS update procedures for your specific server model.
3. Apply update through BMC/IPMI interface or bootable media.
4. Reboot server to complete installation.

🔧 Temporary Workarounds

Restrict BMC/IPMI Access

all

Limit access to the Baseboard Management Controller and IPMI interface to only authorized administrative networks and users.

Implement Least Privilege

all

Restrict local administrative access to only necessary personnel and implement multi-factor authentication for management interfaces.

🧯 If You Can't Patch

  • Isolate affected servers in secure network segments with strict access controls
  • Implement enhanced monitoring and logging of BIOS/UEFI and management interface access

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system management interface (BMC/IPMI) or during system boot. Compare against vulnerable versions (before 02.01.0021).

Check Version:

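dmidecode -s bios-version (Linux, as root) or check BIOS version in system management web interface. Note that ipmitool mc info reports the BMC firmware revision, not the BIOS version.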

Verify Fix Applied:

Confirm BIOS version is 02.01.0021 or later in system management interface and verify successful update completion.
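
The version comparison above can be scripted for fleet checks. The following is an added example, not code from Intel or from this page; it assumes the BIOS version string embeds the release as three dot-separated numeric fields (the sample strings in the comments are constructed), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a BIOS version string against the fixed release
# named in this advisory. Fields are compared numerically, so zero-padded
# values such as 0009 and 0021 order correctly.
FIXED_VERSION="02.01.0021"

# Print the first NN.NN.NNNN triple found in the string (empty if none).
# Assumption: strings look like the constructed sample
# "SE5C620.86B.02.01.0016.1234".
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]{2}\.[0-9]{2}\.[0-9]{4}' | head -n 1 || true
}

# Succeed (exit 0) when version $1 is strictly lower than version $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print VULNERABLE, PATCHED or UNKNOWN; return 1, 0 or 2 respectively.
classify_bios() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        # Unparseable input is reported, never silently treated as patched.
        echo "UNKNOWN"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE"
        return 1
    fi
    echo "PATCHED"
}

# Usage on a host (needs root):
#   sh check_bios.sh "$(dmidecode -s bios-version)"
if [ "$#" -gt 0 ]; then
    classify_bios "$1"
fi
```

An UNKNOWN result means the string did not match the assumed format and the version should be read manually from the management interface.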

📡 Detection & Monitoring

Log Indicators:

  • Unusual BIOS/UEFI configuration changes
  • Multiple failed authentication attempts on management interface
  • Unexpected system reboots or firmware update attempts

Network Indicators:

  • Unusual traffic to BMC/IPMI management ports (default 623/UDP, 443/TCP)
  • Management interface access from unauthorized IP addresses

SIEM Query:

source="bios_logs" AND (event_type="configuration_change" OR event_type="firmware_update")
